LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   Samba MODIFY permission needs 'x' permission set in Linux? (http://www.linuxquestions.org/questions/linux-software-2/samba-modify-permission-needs-x-permission-set-in-linux-768701/)

jlinkels 11-12-2009 12:53 PM

Samba MODIFY permission needs 'x' permission set in Linux?
 
I have files which have the permissions:
-rw-rw---- 1 jlinkels project_users

When I look in Windows, I am allowed to read and write the file, but not to modify it. In order to make it modifyable I must set it to:
-rwxrw---- 1 jlinkels project_users

However, if my colleage which is also member of project_users want to modify the file I have to set it to:
-rwxrwx--- 1 jlinkels project_users

What is documented in Samba is that the x bit in -rwxrw---- maps to the archive bit in Windows.

Now it seems that Unix rw- is mapped to Windows Read/Write, but not Modify. Unix rwx is mapped to Full Control, which obviously includes Modify

IMHO this is not logical. If a file in Unix has write permissions you may write, modify and delete it. In Samba the write permission is mapped to Create (Write), but Modify is as much write as you can get, isn't it?

I have only a small problem with the Full Control permissions in Windows when I just want to give Modify permissions. But I don't like to set the 'x' permission in Linux.

Do I really understand this well, and is it inevitable?

jlinkels

David the H. 11-12-2009 01:50 PM

Quote:

If a file in Unix has write permissions you may write, modify and delete it.
This is not quite true. On Unix, access to the contents of the file depend on its permissions* yes, but file creation, renaming, and deletion depends on the permissions of the directory containing the file. The file itself can be read-only, but if the user has write permission on the directory, he can still delete it.

*(Modifying a file also counts as a deletion/creation event, and so requires the modifier to have proper directory permissions, too.)

I'm not sure if this answers your question, as I'm not really familiar with windows permissions, or how samba translates them, but I thought I'd point that out.

camorri 11-12-2009 02:02 PM

There is a very good description of this confusion here -->http://us1.samba.org/samba/docs/using_samba/ch08.html

I think you will find the answer in this chapter...

jlinkels 11-12-2009 07:04 PM

David: I am astonished, but some simple tests demonstrated that you are right about this. That is to say, I am allowed to delete a file which I do not own in a directory for which I hold rwx permissions. However, although I am able to delete the file, I cannot modify it, not even read it. It doesn't help any with the Samba problem tough.

Camorri: I read that chapter before I posted here. Nowhere is mentioned that a user must hold -rwx------ permissions to edit his own file, or that he must hold -rwxrwx--- permissions to modify a file owned by his group. As a matter of fact, in the various examples it is shown that the Linux file permissions are -rw-rw-r--, while the W2k dialiog shows that the file can be read, written, but the modify checkbox is empty.

It is also explicitly mentioned that the group execute bit doesn't have any meaning (except for indication that a file is "system" in Windows, provided this map option is set to true.

Of course I checked if setting the execute bit in the directory had any effect -- it didn't.

I still don't understand it. It is documented differently, and it doesn't make any sense to give a user read/write permissions, but not modify. Modifying is what happens the most with user files. Neither can I imagine it to be a bug.

jlinkels

David the H. 11-13-2009 07:24 AM

It helps to remember the Unix "everything is a file" philosophy. Under this concept, a directory is really just a special kind of file that holds a listing of all the files it "contains". Thus, if you want to add, remove, or rename something in the directory, you need permission to modify the directory "file".

I briefly scanned through the link above yesterday, and the thing that I gathered from it was that the mapping isn't intended to be particularly logical, and indeed can't be due to the differences in the systems, it just has to be able to hold all the possible combinations of permissions from the other file system in a usable manner.

camorri 11-13-2009 09:10 AM

I think you have to think about where the file is at any one time, and what that system is trying to do with it.

There is no modify bit in linux, or any unix file system I have looked at.

One thing samba has to do is preserve the bits created on a windows system. Since there is no modify bit, it is preserved with the execute bit ( group I think ). Windows has no group or world permissions.

So, windows does what windows does when the file is on a windows system. When moved to a samba server, the bits get translated a bit. That chapter does describe that.

Once that file is on a linux system, then linux rules apply, not windows. So it is the combination of directory permissions and file permissions that control what happens there. That is the way I view it. On linux, since there is no 'modify' bit, write permission by the user is what is required to change a file once created. This is the way I view it. I hope that makes sense.

jlinkels 11-13-2009 10:30 AM

Quote:

Originally Posted by camorri (Post 3755592)
On linux, since there is no 'modify' bit, write permission by the user is what is required to change a file once created. This is the way I view it. I hope that makes sense.

Yes, that makes sense. However, setting the write permission on Linux is not what suffices. I have to set the execute bit. And that does not make sense.

jlinkels


All times are GMT -5. The time now is 08:49 AM.